Introduction
An Australian financial services organisation has been delivering innovative investment and wealth management platform solutions to the financial advice and private wealth sectors for over two decades. As part of its commitment to continuous technological innovation and operational excellence, the organisation embarked on a digital transformation program, which includes cloud migration and modernisation initiatives to support its future growth.
Business challenge
As the business expanded and market demands evolved, the organisation recognised the need to modernise its IT infrastructure. Ageing on-premises systems and growing operational costs presented challenges to scalability, performance and reliability.
To accelerate their cloud migration and modernisation journey, the organisation partnered with Arinco. Key challenges addressed included:
- Mitigating the risk of significant service outages due to ageing hardware
- Resolving platform reliability issues with the existing pipeline and deployment processes
- Modernising service deployment processes and technology
- Reducing the rising costs of purchasing and operational overhead of maintaining hardware for on-premises hosting
- Establishing a scalable Azure cloud foundation to support future business growth
The key objectives of the project were to ensure seamless migration to the cloud, optimise operational efficiency, and position the financial organisation for sustained growth and innovation in the years ahead.
Our approach
The financial organisation adopted Arinco’s Azure Done Right™ approach, a program comprising of multiple modernisation work streams, including landing zone enablement, migration and modernisation, and cost optimisation.
Landing Zone Enablement
Arinco played a key role in implementing a secure and scalable Azure landing zone based on Microsoft’s Cloud Adoption Framework (CAF). By leveraging a variety of predefined standards, policies and repeatable IP, Arinco used automation tools to establish the Azure environment, ensuring consistency and alignment with best practices. This enabled the organisation to swiftly transition their on-premises workloads to a modern environment in Azure.
The process began with a series of in-depth workshops, where Arinco worked closely with the financial organisation to understand their requirements and align them with the five pillars of the Azure Well-Architected Framework (reliability, security, cost optimisation, operational excellence and performance efficiency). From this, a future-state architecture was developed and agreed upon.
Once the landing zones were deployed, Arinco ensured they were utilised according to best practices with minimal overhead. This was achieved by deploying a series of Azure policies that delivered many security and operational benefits, including:
- Automating manual tasks, such as the assignment of maintenance windows and backups
- Streamlining and automating logging processes
- Enforcing data residency requirements so resources are deployed to Australia only
- Enforcing security requirements, including no public network access and minimum TLS version across all resources
In further alignment with security best practices, Arinco assisted in creating the necessary pipelines and service accounts that are used for deploying application workloads. This minimised the need for user accounts to have standing write access, particularly for critical platform and production environment resources. Just-in-time access was facilitated through Azure’s Privileged Identity Management platform, ensuring a traceable audit trail for permission elevation.
Migration & Modernisation
With the Landing Zone in place, we moved into the next phase to migrate and modernise the organisation’s core workloads. The process began with replicating their on-premises environments in Azure and deploying equivalent Azure-managed services across the web, business, and data layers to ensure continuity and scalability.
Due to the organisation’s core applications running on high-specification on-premises hardware, a key challenge to overcome was to evaluate the appropriate SQL hosting service on Azure. Utilising Azure Migrate to assist with initial baseline recommendations, and further in-depth analysis, the selection of SQL Managed Instance was decided due to both performance and scalability requirements.
Migrating the web layer to a PaaS solution enabled the organisation to scale applications both vertically and horizontally, adapting to resource demands. This approach provided instantaneous scaling capabilities and flexible cost management, allowing resources to scale down during low demand periods, ensuring cost efficiency while maintaining performance.
Cost Optimisation
A universal challenge in many cloud environments, the financial organisation was not unique in operating workloads at higher specifications than necessary to attain a performance buffer. While this ensured reliable performance and service availability, the organisation recognised the challenge that cost optimisation presented to the long-term adoption of Azure services.
After six months of utilisation in production environments, the team had gathered sufficient data to accurately assess and adjust resource allocation. To optimise costs, Arinco conducted a detailed analysis of the organisation’s business context, Azure consumption history, usage reports, and recommendations from the Azure Advisor. This analysis identified several cost-saving opportunities, particularly across four high spending categories: database, storage, compute and app services.
This was achieved through a combination of the following:
- Right-sizing of resources based on usage metrics, such as disk capacity, CPU/memory utilisation and database units across all categories.
- Committing to Reserved Instances for long-term resources (1-3 years), ensuring more predictable pricing and lower rates across all categories. Auditing and purging redundant or orphaned resources that were left behind when parent resources were deleted, helping eliminate unnecessary costs across all categories.
- Optimising data storage by moving archival and backup data to lower-cost storage tiers (e.g., Cool or Archive tiers), reducing overall storage expenses.
- Consolidating app services by merging compatible applications into shared App Service plans instead of maintaining a 1:1 mapping, to improve efficiency and reduce costs.
Outcomes
Landing Zone Enablement
By defining the landing zone using repeatable Infrastructure-as-Code (IaC) templates, the organisation established a scalable and repeatable approach for deploying landing zones across various application workloads and environments. This ensures consistency and reproducibility in every deployment. Additionally, leveraging automated pipelines eliminates the need for manual operations or “click-ops,” which are prone to human error and can lead to inconsistent results.
With Azure Policy guardrails in place, the financial organisation can proceed with greater confidence, knowing that essential security and governance controls are automatically enforced. These policies detect and prevent unauthorised actions, ensuring the integrity of the environment.
As a result, the organisation now has a solid foundation for securely migrating its on-premises workloads to Azure with confidence and is able to free up time for their engineers to focus on higher value tasks.
Migration & Modernisation
Working closely with the organisation’s Head of IT & Infrastructure, Arinco helped to implement a multi-region architecture for one of its key applications to ensure high availability and resiliency. In addition, the on-premises SQL database for their application was migrated to SQL Managed Instance on Azure, creating a highly scalable and secure database while reducing operational overheads as it is managed by Azure. Upon successful cutover in mid-November, the application has remained stable (no downtime to-date). In addition, database performance on SQL Managed Instance has improved by ~5% as compared to on-premises hosting. With this, the financial organisation is on track to retire their on-premises database for this key application, which will result in further savings on operating costs.
Cost Optimisation
Understanding the long-term impact of cost management, the team made a strategic decision to prioritise cost optimisation early in the project. This proactive approach proved successful, yielding a nearly 40% reduction (approximatley $50,000 USD) in the organisation’s monthly cloud spend, compared to the previous 3-month average spend.
The financial organisation’s commitment to this initiative has been pivotal to its success. The infrastructure team acted swiftly in reviewing and updating flagged resources, addressing the audit findings, and implementing Arinco’s recommendations. This short turnaround resulted in a significant reduction in costs within just one billing cycle, with these savings enabling the financial organisation and Arinco to complete expanded cloud migration at no further operational cost.
Conclusion
With a secure, scalable and cost-effective Azure Landing Zone in place, the financial organisation is now set up for future success with a technology environment that will evolve and adapt to their growing business. Recently, the organisation has further progressed with their transformation program by implementing the Azure Virtual Desktop and Sentinel platforms, while also migrating one of their essential workloads from on-premises to their new Azure Landing Zone, effectively taking them one step closer to their modernisation goals.
